The Badge Archive

Cybersecurity WWYD Questions

Fulfills Step 3 of GSUSA Ambassador Cybersecurity Basics badge requirements.

Info Needed for the badge requirements: Think about the balance between protecting individual privacy and ensuring collective safety. Consider how decisions impact trust and security. First are the types of hackers: White Hat, The good guys, fixing problems legally. Gray Hat, They break rules but try to help. Black Hat, The bad guys, causing harm or stealing. Then reflect on what happens when security weaknesses are discovered. Should the information be kept secret, shared publicly, or reported to the organization for improvement? Consider different perspectives like: Government, Wants safety and crime prevention. Companies, Want to protect users’ trust. Hackers and Public, Opinions vary depending on the situation. Realize that decisions have consequences. Will the choice help or harm individuals and organizations?

Items Needed

  • A list of “What would you do?” ethical cybersecurity questions (See suggestions below)
  • Space for scouts to discuss in pairs or small groups (e.g., tables, chairs, or breakout rooms)
  • Timer or stopwatch for managing rapid responses

Instructions

  1. Read or display short “What would you do?” questions to all scouts. Examples include:
    • “If you found a security weakness, would you keep it secret, report it to the company, or share it online?”
    • “If you could hack for money, would you do it?”
    • “Should privacy ever be sacrificed for security?”
  2. Allow scouts a few seconds to decide and share their answers. Keep responses short and direct.
  3. Use the list of questions to have a rapid Q&A session with small groups. After each question, take a few minutes to discuss why scouts chose their answers. Highlight different viewpoints and how they align with cybersecurity ethics.

Cybersecurity: What Would You Do? Questions

  1. Balancing Privacy and Security:
    • If you had access to private user data that could help prevent a crime, would you share it with law enforcement or protect the users’ privacy?
  2. Types of Hackers:
    • If you discovered a vulnerability in a company’s system, would you report it to them (White Hat), use it without permission but with good intentions (Gray Hat), or exploit it for personal gain (Black Hat)?
    • If you were offered money to hack into a system, would you accept the offer or report it?
  3. Handling Vulnerabilities:
    • If you found a weakness in a popular social media app, would you:
      • Keep it secret to avoid others exploiting it?
      • Report it to the company to get it fixed?
      • Share it publicly to raise awareness?
  4. Government vs. Privacy:
    • Should the government be allowed to access encrypted messages on personal devices if it’s for national security? Would your opinion change if it were your data?
    • If a government agency asked you to create a tool to bypass security features, would you comply?
  5. Perspective Thinking:
    • As a company leader, would you prioritize user trust and refuse to cooperate with government requests for data, or would you assist them in the name of public safety?
    • If you were a hacker, would you choose to help a company improve its security or exploit the system for personal advantage?
  6. Consequences of Decisions:
    • If your actions to protect privacy risked public safety, would you reconsider your choice?
    • If you made a decision to secure a system but harmed public trust in the process, would you still believe it was the right thing to do?
Tia Kennard